This commit is contained in:
parent
b307534521
commit
730774dd24
5 changed files with 129 additions and 3 deletions
|
@ -1,8 +1,13 @@
|
|||
name: update-flake-lock
|
||||
on:
|
||||
workflow_dispatch: # allows manual triggering
|
||||
schedule:
|
||||
- cron: '0 0 * * *' # daily at midnight
|
||||
# workflow_dispatch: # allows manual triggering
|
||||
# schedule:
|
||||
# - cron: '0 0 * * *' # daily at midnight
|
||||
push:
|
||||
branches:
|
||||
- main
|
||||
paths:
|
||||
- ".forgejo/workflows/update_lock.yaml"
|
||||
|
||||
jobs:
|
||||
lockfile:
|
||||
|
|
|
@ -94,6 +94,18 @@
|
|||
config = import ./config/haproxy.nix { inherit config; };
|
||||
tcpPorts = [ 6443 6444 50000 ];
|
||||
};
|
||||
|
||||
matchbox = {
|
||||
enable = true;
|
||||
dataPath = "/var/lib/matchbox";
|
||||
assetPath = "/nas/matchbox/assets";
|
||||
};
|
||||
|
||||
dnsmasq = {
|
||||
enable = true;
|
||||
tftpRoot = "/srv/tftp";
|
||||
bootAsset = "http://10.1.1.57:8086/boot.ipxe";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -2,9 +2,11 @@
|
|||
imports = [
|
||||
./bind
|
||||
./cockpit
|
||||
./dnsmasq
|
||||
./forgejo
|
||||
./haproxy
|
||||
./libvirt-qemu
|
||||
./matchbox
|
||||
./nginx
|
||||
./onepassword-connect
|
||||
./podman
|
||||
|
|
56
nixos/modules/nixos/services/dnsmasq/default.nix
Normal file
56
nixos/modules/nixos/services/dnsmasq/default.nix
Normal file
|
@ -0,0 +1,56 @@
|
|||
{ lib, config, pkgs, ... }:
|
||||
with lib;
|
||||
let
|
||||
cfg = config.mySystem.services.dnsmasq;
|
||||
in
|
||||
{
|
||||
options.mySystem.services.dnsmasq = {
|
||||
enable = mkEnableOption "dnsmasq";
|
||||
package = mkPackageOption pkgs "dnsmasq" { };
|
||||
bootAsset = mkOption {
|
||||
type = types.str;
|
||||
example = "http://10.1.1.57:8086/boot.ipxe";
|
||||
};
|
||||
tftpRoot = mkOption {
|
||||
type = types.str;
|
||||
example = "/srv/tftp";
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
networking.firewall = {
|
||||
# dhcp ports
|
||||
allowedUDPPorts = [ 67 68 ]; # server/client
|
||||
};
|
||||
|
||||
# Proxy DHCP for PXE booting. This leaves DHCP address allocation alone and dhcp clients
|
||||
# should merge all responses from their DHCPDISCOVER request.
|
||||
# https://matchbox.psdn.io/network-setup/#proxy-dhcp
|
||||
services.dnsmasq = {
|
||||
enable = true;
|
||||
package = cfg.package;
|
||||
# we just want to proxy DHCP, not serve DNS
|
||||
resolveLocalQueries = false;
|
||||
settings = {
|
||||
# Disables only the DNS port.
|
||||
port = 0;
|
||||
dhcp-range = [ "10.1.1.1,proxy,255.255.255.0" ];
|
||||
# serves TFTP from dnsmasq
|
||||
enable-tftp = true;
|
||||
tftp-root = cfg.tftpRoot;
|
||||
# if request comes from iPXE user class, set tag "ipxe"
|
||||
dhcp-userclass = "set:ipxe,iPXE";
|
||||
# if request comes from older PXE ROM, chainload to iPXE (via TFTP)
|
||||
# ALSO
|
||||
# point ipxe tagged requests to the matchbox iPXE boot script (via HTTP)
|
||||
# pxe-service="tag:ipxe,0,matchbox,http://10.1.1.57:8080/boot.ipxe";
|
||||
pxe-service = [
|
||||
"tag:#ipxe,x86PC,\"PXE chainload to iPXE\",undionly.kpxe"
|
||||
"tag:ipxe,0,matchbox,${cfg.bootAsset}"
|
||||
];
|
||||
log-queries = true;
|
||||
log-dhcp = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
51
nixos/modules/nixos/services/matchbox/default.nix
Normal file
51
nixos/modules/nixos/services/matchbox/default.nix
Normal file
|
@ -0,0 +1,51 @@
|
|||
{ lib, config, pkgs, ... }:
|
||||
with lib;
|
||||
let
|
||||
cfg = config.mySystem.services.matchbox;
|
||||
in
|
||||
{
|
||||
options.mySystem.services.matchbox = {
|
||||
enable = mkEnableOption "matchbox";
|
||||
package = mkPackageOption pkgs "matchbox" { };
|
||||
dataPath = mkOption {
|
||||
type = types.str;
|
||||
example = "/var/lib/matchbox";
|
||||
};
|
||||
assetPath = mkOption {
|
||||
type = types.str;
|
||||
example = "/nas/matchbox/assets";
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
environment.systemPackages = [
|
||||
cfg.package
|
||||
];
|
||||
|
||||
networking.firewall = {
|
||||
# HTTP communication
|
||||
allowedTCPPorts = [ 8086 ];
|
||||
};
|
||||
|
||||
# Matchbox Server for PXE booting via device profiles
|
||||
users.groups.matchbox = { };
|
||||
users.users = {
|
||||
matchbox = {
|
||||
home = cfg.dataPath;
|
||||
group = "matchbox";
|
||||
isSystemUser = true;
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services.matchbox = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "network.target" ];
|
||||
serviceConfig = {
|
||||
ExecStart = "${pkgs.matchbox-server}/bin/matchbox -address=0.0.0.0:8086 -data-path=${cfg.dataPath} -assets-path=${cfg.assetPath} -log-level=debug";
|
||||
Restart = "on-failure";
|
||||
User = "matchbox";
|
||||
Group = "matchbox";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
Loading…
Reference in a new issue